Welcome to TechNet Blogs Sign in | Join | Help

Marcus Hass' [MS] Blog

Interesting tidbits about Microsoft Infrastructure and other products. Occasional rants about travel, gaming and gadgets.
Exchange 2007 – Snags during my upgrade

This week I had some time to spend in my lab at home, so I thought I would catch up on some overdue projects,  My biggest project was to get my lab up to Exchange 2007 from 2003.  The complication here is that although I have a rack of “real” servers, I don’t have any spare capacity.

Virtual PC to the rescue!  I grabbed a spare laptop from our inventory at the office, and snagged a copy of my sysprep’d Windows Server 2003 R2 image and installed Exchange 2007.

I decided to write about my experience so that the search engines catch it, and hopefully get you on your way quicker.

Mailbox Migration

After updating my AD schema and making reasonably sure that the 2007 box could talk to the 2003 box, I moved my mailbox.  I checked, and I could still access my mailbox through OWA, RPC/HTTP, Local MAPI, and EAS (still accessed through the EX2003 box via publishing rules on my ISA 2006 box).  Since all of this worked, I migrated over the 20 or so mailboxes that I host for friends.

Since I didn’t have any spare boxes, I would have to pave my old EX2003 box, install Exchange 2007, and move the mailboxes back off the VPC Exchange server.  I decided to take an outage and didn’t change the ISA publishing rules to the new EX2007 box, so I don’t know if Exchange out of the box worked for me (something that in retrospect might have helped me).  Uninstalling EX2003 was uneventful.  I had to turn off NNTP and SMTP to allow EX2007 to install on the box, as well as apply a .NET hotfix that the installer guided me to install.

The “real hardware” EX2007 box was up and running, and was part of the Org.  I moved the mailboxes back, and did a quick check with a local Outlook client to ensure I could still get to mailboxes.

Decommissioning the EX2007 VPC

This is where I hit my first real snag.  I took care to move mailboxes and Public Folders over to the “Real EX2007” server.  I wanted to ensure that everything was moved over by deleting the Mailbox and Public Folder database before I did the uninstall.  When I tried to delete the Public Folders database using the GUI I kept getting this error:

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
The public folder database 'Public Folder Database' cannot be deleted.
Public Folder Database Failed
Error:
The public folder database specified contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database.
 

--------------------------------------------------------
OK
--------------------------------------------------------

With the help of some really smart Exchange product team guys, they pointed me to a couple TechNet articles:

How to Remove a Public Folder Database

How to Remove the Last Public Folder Database in the Organization

For those with link impairment, and for the sake of search engines, I ran the following commands to resolve this issue:

Get-PublicFolder -Server <server with public folder database> "\" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <server with public folder database> -Recurse -ErrorAction:SilentlyContinue

 Get-PublicFolder -Server <server with public folder database> "\Non_Ipm_Subtree" -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <server with public folder database> -Recurse -ErrorAction:SilentlyContinue

Remove-PublicFolderDatabase -Identity "<server>\<storage group>\<public folder database>"

NOTE: This is where I had my first Eureka! moment.  The GUI sucks, you can’t do much more than very basic management from the new Exchange System Management console.  The Shell is where it’s at, the more you use it, the more you like it.

So all is good in the world: no more mailboxes or public folders on the EX2007 VPC.  When I try and remove Exchange 2007, I started getting the error:

“this computer is configured as a bridgehead server for 1 routing group connector(s) in the organization.  These must be moved or deleted before setup can continue”

Again, product team guys easily direct me to the good Exchange 2007 documentation regarding the cmdlets in the shell.

In this case, the GUI didn’t show any routing group connectors (please see my note above about how much the GUI is a waste of time).  So, I had to use a command to first find out the names of the routing group connector and then delete it.  I ran the following commands:

Get-RoutingGroupConnector [-Identity <RoutingGroupConnectorIdParameter>] [-DomainController <Fqdn>]

Remove-RoutingGroupConnector -Identity <RoutingGroupConnectorIdParameter> [-DomainController <Fqdn>]

Phew, after deleting the server-to-server routing connector I was able to uninstall EX2007 from the VPC.

Can’t send or receive email

After numerous attempts to send and receive email from internal and external clients, I wasn’t able to send or receive internal or external email.  I tried using the queue viewer tool in the GUI, and it didn’t give me any clues.  I figured I was missing an external send connector, and a quick glance at the GUI verified my assumption (reminder to self: must stop using the GUI).  To polish my mad Shell skillz further, I decided to create an external connector for all external domains (*) using the following command:

New-SendConnector -Name <String> -AddressSpaces <MultiValuedProperty> [-AuthenticationCredential <PSCredential>] [-Comment <String>] [-ConnectionInactivityTimeOut <EnhancedTimeSpan>] [-DNSRoutingEnabled <$true | $false>] [-DomainController <Fqdn>] [-DomainSecureEnabled <$true | $false>] [-Enabled <$true | $false>] [-Force <SwitchParameter>] [-ForceHELO <$true | $false>] [-Fqdn <Fqdn>] [-IgnoreSTARTTLS <$true | $false>] [-MaxMessageSize <Unlimited>] [-Port <Int32>] [-ProtocolLoggingLevel <None | Verbose>] [-RequireTLS <$true | $false>] [-SmartHostAuthMechanism <None | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative>] [-SmartHosts <MultiValuedProperty>] [-SourceIPAddress <IPAddress>] [-SourceTransportServers <MultiValuedProperty>] [-TemplateInstance <PSObject>] [-Usage <Custom | Internal | Internet | Partner>] [-UseExternalDNSServersEnabled <$true | $false>]

After creating the send connector, I thought my troubles were over.  Wrong!  Nothing was working.  I did a quick telnet to my server on port 25 and got the error:

“452 4.3.1. Insufficient system resources

Connection to host lost.

Press any key to continue…”

Well, it just so happens that this machine had two partitions, one for OS and one for the stores.  By default the SMTP queue is located on the C drive, which only had about 1GB left.  Exchange 2007 has a “Back Pressure” feature that disables the SMTP queue when there is low disk space.  Unfortunately, there is no handy-dandy shell command to move the queue location.  There is a pretty good article up on Technet that tells you how to Change the location of the Queue Database,  It involves moving some files, granting “Full Control” to the network service on the new directory, and editing an XML file that contains the location of the queue.  I also spotted a way to disable the Back Pressure feature.  Just sucks that this isn’t in the Shell….

Immediately after this adjustment I got a shotgun of test emails, and the queue monitor lit up light a Christmas tree.

Certificates, OWA, and ISA

Because I want my buddies to be able to use OWA, EAS and RPC/HTTP securely, I have a public SSL certificate (really cheap from GoDaddy.com).  Exchange actually generates its own certificates which is great, but doesn’t really work for my purposes.  I also wanted to have ISA do the forms authentication, so I had to have the SSL cert on both the ISA server and Exchange box.  It was pretty routine to export the cert with public key and install it on ISA using certificate manager.

I used the ISA publishing wizard for Exchange 2007 for OWA and it made it pretty brainless.  I also published IMAP and POP3 for those friends I have that aren’t quite on the RPC/HTTP bandwagon.  Additionally, I had already published the SMTP server and created a rule to allow outgoing SMTP from the Exchange server.

When I tried OWA, I kept getting the following Error:

500 Internal Server Error – The target principal name is incorrect”

Turns out that ISA’s interface in 2006 has changed a bit, and was misleading for me.  I had created an HTTPS listener with the SSL cert, and everything looked good.  ISA allows you to “bridge” the names by allowing you to have an “outside” name and route it to an “internal” name.  Turns out, that on the “To” tab of the OWA publishing rule, I had mistakenly specified the “outside” DNS name of instead of my internal server.  To set this up correctly, it needs to be:

This rule applies to this published site:

Mail.mydomain.com (external certificate name)

Computer name or IP address (required if the internal site name is different or not resolvable):

10.1.1.1

Summary

When I setup numerous Exchange 2003 servers for customers, I have a set way of doing it.  And between having done it a bunch of times, and most of the tweaking in the GUI, 2003 seems easier.  That said, I think that if you set the expectation that the Shell is your new config tool, it isn’t much harder.  I really like the flexibility of the Shell, and I assume we took the Shell approach because the GUI would be impossibly complex to design for effective management especially with the Unified Communication components.

On your side, Microsoft has provided great documentation this time and it is already published on Technet and other resources.

Is it worth the hassle?  Heck ya.  Can you run setup.exe and be ready to go in 20 minutes?  Nope.  This is a complex, powerful product with lots of options.  But, most admins familiar with Exchange should not have many issues getting it up and going.

Posted: Friday, January 26, 2007 10:34 AM by mhass

Comments

Herschel said:

Marcus,

Yea, I know you are a genius with MS$ software. But you had a **** of a time getting this done.

If you are a small business owner, is there any hope to use Exchange 2007 for them?

I've never heard anyone at Microsoft admit that "...and I assume we took the Shell approach because the GUI would be impossibly complex to design for effective management especially with the Unified Communication components."

Didn't realize that Microsoft didn't have enough good software development and design people to do this as a GUI, but I guess the buck has to stop at VISTA. You throw billions into that and there's not much left over for the really important stuff!!! ;-)

Herschel

# January 26, 2007 3:25 PM

mhass said:

Would I recommend a standalone Windows Server with Excange 2007 on it for my dad's 5 person business?  No, unless my IT guy new Exchange pretty well.  But traditionally, our Small Business Server product will set itself up in a common configuration through wizards to avoid the headaches I had.

I have heard a rumor that in the near future we will have some kind of service or feature pack that might address some of the major shortcomings in the GUI.  But along with the complexities of sorting out the GUI, Microsoft listened to the admins, and they want command line and sciptability.

# January 26, 2007 3:48 PM

boe said:

YOU RULE!!!!

I've been using exchange for MANY years - since before 2000 and never had any of the issues that I've had with 2007 - might as well just hire a freakin programmer just to admin exchange!   I've never been anti MS before but I'm not sure if it is new management, a lack of management or bad hiring and development practicies but this is an abomination!   Vista is pretty bad, zune sucks, and office 2007 leaves a lot to be desired - what happened to MS - I used to look forward to each new product even though none were perfect - these are heinous!

Thanks for the uninstall - couldn't figure it out without using ADSIEDIT - this is much better.   Thanks again!

MS - I'm starting to appreciate the over the top mac ads - I'm not a fan of their OS but I think there are too many MS Fanboys not willing to at least concede there are issues that need work.   I tried talking about the deficiencies of the powershell and issues of Exchange 2007 and I got a lot of hate from the developers who love the new powershell.

# April 27, 2007 8:25 PM

Mike said:

I am a veteran of Linux, and have been using it since 1998. I am no stranger to the command line, and I find it extremely useful when implemented well.

However, Exchange 2007 has all the disadvantages of a poor GUI and a poor command shell. Sure, the command line is useful for large enterprises who have 18 Exchange admins, like Bank of America where I used to work (luckily when still using Exchange 2003), but not having the ability to change user mailbox permissions in the GUI?

That's just asinine, and unconscionable. This alienates many administrators, and makes my life harder, and increases the time it takes me to do simple Exchange tasks from a few seconds to, in some cases, several days.

This is insane.

I've noticed that anyone who disagrees with the Microsofties here is accused of being a troll and spreading FUD, and all that.

Whatever.

I've been in IT since the 1990s. I now control a lot of money and make a lot of decisions as to what companies should use for their IT infrastructure. If there is any possible way that I can convince the small- to medium-sized companies that I consult for to explore other email solutions, I will do so -- even if it's Linux-based, as at least the command line there makes some sense.

It's not that I am not comfortable with Powershell/EMS. I am. It's just that I hate it and think it mars the good name of Exchange, and also makes day-to-day administration of most tasks much, much harder.

Old days: User calls up and wants me to add some permissions to a mailbox: Click! Click! Click! Done. 8 seconds.

Today: User calls up and wants me to add some permissions to a mailbox: Oh, what's that command? (Looks it up.) Oh yeah. Ok, hmm, wrong syntax. Let me try that again. Oops, wrong syntax again. To user: Can I call you back in an hour? I have to wade through 20 pages of tech docs to figure this out.

User: Confused because it used to take 8 seconds.

If there weren't so very much removed from the EMC, I'd be more pleased with it. What a waste of my damn time.

I will not be recommending Microsoft Exchange in the future to anyone until this is corrected, and though I am sure MSFT will not notice it in ther bottom line, I am not the only one by far who feels this way.

What a terrible decision for a product that I really liked, and what a terrible response to complaints.

# July 19, 2007 4:31 PM

Rob said:

Mike, you are spot on.  Working on migrating Exchange 2003 org and Domino infrastructure to Exchange 2007.   What a &*#^^%$!!!!

We're now moving to Notes 8.

Microsoft - what were you thinking????

# September 19, 2007 3:34 AM

Herschel said:

Funny,

For some reason my RSS reader picked this entry up as new today and I re-read it, then re-read my first comment.

After a second look at this I find it interesting that Microsoft is going to abandon the GUI in favor of the command line or it looks as though they are leaning that way.

GUI interface design is indeed tough on a complex application like Exchange. However, I think Microsoft is making a huge strategic mistake. I know they are trying to court the *nix crowd over to Windows 2008, but at what cost? Loosing the less experienced SA's out there.

For me, I'll use several toolsets to manage an infrastructure so giving me another tool is fine, but Microsoft better keep the existing toolsets working (GUI) or some SAs will start to complain and think "Gee, if I have to learn a command line OS to get my job done, why don't I learn Linux and suggest to management 'go with free'."

Anyway, that's for some Program Manager at M$ to figure out and have sleepless nights over.

# September 27, 2007 2:57 PM

mhass said:

Make sure and check out the next service pack for Exchange 2007.  There should be better GUI functionality.

# September 27, 2007 3:03 PM

Mark M. said:

Exchange 2007 feels like 5 steps backwards from the previous versions.  I've never run into so many issues with an Exchange server before.  It's sad that Google is required to get the product to install.

# October 15, 2007 2:21 PM

Dan G. said:

I have to join in on this one.  There is no way I can recommend Exchange 2007 for my small to mid size clients.  Having worked with Exchange since 5.5 and upgrading at each opportunity, I am just shocked that the GUI is this bad.  If you are going to make management of a line of business application this complicated and essentially throw out 10 years of Exchange experience, just rename the product! Seriously, when I got 2007 running on our testbed I thought the installation had gone south and I was missing something.  But no... that's it!  I too went through the exact same procedure for the uninstall and yes I figured it out on my own, but what a &^#&ing nightmare.  I guess if I'm interested billing out tons of consulting hours to do formerly simple management operations, 2007 should be considered a godsend.  But this is just plain silly.  Did someone in Redmond forget that the name of the platform is Windows?  Did someone on the Exchange team get reminiscent for the 80's.  Well stop!  Sure Tempest was awesome and Quiet Riot rules, but I have no desire to go back to seeing this...

READY

When I boot up a system (oh shoot, was I supposed to put the Basic cartridge in the left or the right slot on my Atari 800).  Anyway, not to take away from Marcus's achievements -- I feel somewhat betrayed by this.  I've spent the past 10 years developing chops and now I feel like an old fogie.  

GET OFF MY LAWN!

Signing off,

An Atari 800 fanboy.

Dan

P.S. Commodore 64 sucks!  I can do more with my 48k RAM and player missile graphics than you can with your fancy 64k 8 bit sorry excuse for a game computer.

EOF

# November 7, 2007 1:35 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker